What is claimed is:

1 . A system for secure data transmission comprising: 

a session layer that maps authentication of at least one request to session level 
authorization, the authorization defining permitted communications between at least one 
resource and the at least one request. 

2. The system of claim 1, wherein the session layer includes:

a trusted session sub-layer for session level authorization and maintenance; and 

a reverse proxy for transferring data between the at least one resource and the at least one
request.

3. The system of claim 2, wherein layers of the request below its trusted session sub-layer
are unaware of existence of layers of the resource below its trusted session sub-layer.

4. The system of claim 1, wherein the session layer forms a bundle of transport layer 
connections between the at least one resource and the at least one request. 

5. The system of claim 4, wherein a plurality of bundles of transport layer
connections are joined to create a meta-session. 

6. The system of claim 1, wherein the session layer maps ports onto itself.

7. The system of claim 6, wherein the session layer associates a transport connection
for data to pass from the at least one resource to the at least one request. 

8. The system of claim 1, further including a trusted operating system. 

9. The system of claim 1, wherein the authorizations are dynamically updated.

10. The system of claim 1, wherein no layer below the session layer communicates on 
a peer to peer level. 

11. The system of claim 1, wherein the session layer includes a sterile core.

12. The system of claim 1, wherein the session layer maps the authentication of users 
using a Secure Core rulebase. 

13. The system of claim 1, wherein resource identities are masked. 

14. The system of claim 1, wherein the authorization is dependent on a network
interface of the at least one request. 
15. The system of claim 1, wherein the session layer provides an audit trail.

16. The system of claim 1, wherein the session layer can establish multiple sessions
with multiple requests, each session operating in a half-duplex manner. 

17. The system of claim 1, wherein the session layer mediates resources between the 
at least one request and the at least one resource based on a credential set. 

18. The system of claim 1, wherein the session layer mediates resources between the
at least one request and the at least one resource based on a credential set, and 

wherein the session layer bundles transport layer communications between the at least 
one resource and the at least one request by associating the bundles with the credential set. 

19. The system of claim 1, further including a multi-level operating system used as a
proxy.

20. The system of claim 1, further including a Session Manager to communicate 
through higher OSI layers. 

21. The system of claim 1, wherein no physical resource is time-division shared by
the at least one resource requester and the at least one resource provider. 
22. A system for secure data transmission comprising:

a virtual air gap provided by: 

a trusted session sub-layer for session authorization and maintenance; 

a trusted operating system for session separation; and 

a reverse proxy for data transfer between a user and a resource provider. 

23. The system of claim 22, wherein layers of the user below its trusted session sub-layer
are unaware of existence of layers of the resource provider below its trusted session sub-layer.

24. The system of claim 22, wherein the trusted session sub-layer forms a bundle of 
transport layer connections between the user and the resource provider. 

25. The system of claim 24, wherein a plurality of bundles of transport layer 
connections are joined to create a meta-session. 

26. The system of claim 22, wherein a session layer, which includes the trusted 
session sub-layer, maps ports onto itself. 

27. The system of claim 22, wherein the session authorization is dynamically 
updated. 
28. The system of claim 22, wherein no layer below a session layer, which includes
the trusted session sub-layer, communicates on a peer to peer level. 

29. The system of claim 22, wherein the trusted session sub-layer maps user 
authentication using a Secure Core rulebase. 

30. The system of claim 22, wherein the session authorization is dependent on 
network interface of the user. 

31. The system of claim 22, wherein the trusted session sub-layer mediates resources
between the user and the resource provider based on a credential set. 

32. The system of claim 22, wherein the trusted session sub-layer mediates resources 
between the user and the resource provider based on a credential set, and 

wherein the trusted session sub-layer bundles transport layer communications between 
the user and the resource provider by associating the bundles with the credential set. 

33. The system of claim 22, further including a multi-level operating system used as a
proxy.

34. The system of claim 22, further including a Session Manager to communicate
through higher OSI layers.

35. The system of claim 22, wherein no physical resource is time-division shared by 
the user and the resource provider. 

36. A system for secure data transmission comprising: 

a trusted session sub-layer maintaining a virtual air gap between a plurality of resource 
requesters and a plurality of resource providers; 

a session manager for a transfer of data between the plurality of resource requesters and 
the plurality of resource providers. 

37. The system of claim 36, wherein the trusted session sub-layer includes a reverse 
proxy for transferring data between the plurality of resource requesters and the plurality of 
resource providers. 

38. The system of claim 36, wherein the trusted session sub-layer forms a bundle of 
transport layer connections between the plurality of resource requesters and the plurality of 
resource providers. 

39. The system of claim 38, wherein a plurality of bundles of transport layer 
connections are joined to create a meta-session. 
40. The system of claim 36, wherein the trusted session sub-layer maps ports onto
itself.

41. The system of claim 40, wherein the trusted session sub-layer associates transport 
connections for data to pass from the plurality of resource requesters to the plurality of resource 
providers. 

42. The system of claim 36, wherein authorizations for the plurality of resource
requesters are dynamically updated. 

43. The system of claim 36, wherein no layer below a session layer, which includes 
the trusted session sub-layer, communicates on a peer to peer level. 

44. The system of claim 36, wherein the session layer mediates resources between the 
plurality of resource requesters and the plurality of resource providers based on each resource 
requester's credential set, and 

wherein the session layer bundles transport layer communications between the plurality
of resource requesters and the plurality of resource providers by associating the bundles with
each resource requester's credential set.

45. The system of claim 36, wherein no physical resource is time-division shared by

46. A system for secure data transmission comprising:

a trusted session sub-layer for peer-to-peer communication between a plurality of 
resource requesters and a plurality of resource providers; 

a rulebase for authenticating authorization of the plurality of resource requesters on a 
dynamic basis, 

wherein the trusted session sub-layer forms a bundle of transport layer connections 
between the plurality of resource providers and the plurality of resource requesters. 

47. The system of claim 46, wherein the trusted session sub-layer includes a reverse 
proxy for transferring data between the plurality of resource requesters and the plurality of 
resource providers. 

48. The system of claim 46, wherein layers of each resource requester below its 
trusted session sub-layer are unaware of existence of layers of each resource provider below its 
trusted session sub-layer. 

49. The system of claim 46, wherein the trusted session sub-layer maps ports onto
itself.

50. The system of claim 46, wherein the authorizations for each resource requester 
are dynamically updated. 
51. The system of claim 46, wherein no layer below the session layer communicates
on a peer to peer level. 

52. The system of claim 46, wherein the session layer mediates resources between the 
plurality of resource requesters and the plurality of resource providers based on each user's 
credential set, and 

wherein the session layer bundles transport layer communications between the plurality
of resource requesters and the plurality of resource providers by associating the bundles with
each user's credential set.
53. A system for secure data transmission comprising:

a session layer for a transfer of data between a plurality of resource requesters and a 
plurality of resource providers, 

wherein no peer-to-peer connections exist below the session layer; and 
a trusted session sub-layer maintaining a virtual air gap, 

wherein no physical resources are time-division shared between any resource provider 
and any resource requester. 
54. A system for secure data transmission comprising:

session layer means for mapping authentication of at least one request to session level 
authorization, the authorization defining permitted communications between at least one 
resource and the at least one request. 
55. A system for secure data transmission comprising:

virtual air gap means provided by: 

trusted session sub-layer means for session authorization and maintenance; 

a trusted operating system for session separation; and 

reverse proxy means for data transfer between a user and a resource provider. 
56. A system for secure data transmission comprising:

trusted session sub-layer means maintaining a virtual air gap between a plurality of 
resource requesters and a plurality of resource providers; 

session manager means for transferring data between the plurality of resource requesters 
and the plurality of resource providers. 



Atty. Docket No. 42336.010500

57. A system for secure data transmission comprising: 

trusted session sub-layer means for peer-to-peer communication between a plurality of 
resource requesters and a plurality of resource providers; 

a rulebase for authenticating authorization of the plurality of resource requesters on a 
dynamic basis, 

wherein the trusted session sub-layer means forms a bundle of transport layer connections 
between the plurality of resource providers and the plurality of resource requesters. 
58. A system for secure data transmission comprising:

session layer means for a transfer of data between a plurality of resource requesters and a 
plurality of resource providers, 

wherein no peer-to-peer connections exist below the session layer means; and 
trusted session sub-layer means maintaining a virtual air gap, 

wherein no physical resources are time-division shared between any resource provider 
and any resource requester. 
59. A computer program product for secure data transmission comprising:
a computer usable medium having computer readable program code means embodied in
the computer usable medium for causing an application program to execute on a computer
system, the computer readable program code means comprising:

computer readable program session layer code means for mapping authentication of at
least one request to session level authorization, the authorization defining permitted
communications between at least one resource and the at least one request.
60. A computer program product for secure data transmission comprising:
a computer usable medium having computer readable program code means embodied in 
the computer usable medium for causing an application program to execute on a computer 
system, the computer readable program code means comprising: 

computer readable program code means for a virtual air gap provided by: 

computer readable program code trusted session sub-layer means for session 
authorization and maintenance; 

a trusted operating system for session separation; and 

computer readable program code reverse proxy means for data transfer between a 
user and a resource provider. 
61. A computer program product for secure data transmission comprising:
a computer usable medium having computer readable program code means embodied in 
the computer usable medium for causing an application program to execute on a computer 
system, the computer readable program code means comprising: 

computer readable program code trusted session sub-layer means for maintaining a 
virtual air gap between a plurality of resource requesters and a plurality of resource providers; 

computer readable program code session manager means for transferring data 
between the plurality of resource requesters and the plurality of resource providers. 
62. A computer program product for secure data transmission comprising:
a computer usable medium having computer readable program code means embodied in 
the computer usable medium for causing an application program to execute on a computer 
system, the computer readable program code means comprising: 

computer readable program code trusted session sub-layer means for peer-to-peer 
communication between a plurality of resource requesters and a plurality of resource providers; 

a rulebase for authenticating authorization of the plurality of resource requesters on 
a dynamic basis, 

wherein the trusted session sub-layer means forms a bundle of transport layer 
connections between the plurality of resource providers and the plurality of resource requesters. 
63. A computer program product for secure data transmission comprising:
a computer usable medium having computer readable program code means embodied in 
the computer usable medium for causing an application program to execute on a computer 
system, the computer readable program code means comprising: 

computer readable program code session layer means for transferring data 
between a plurality of resource requesters and a plurality of resource providers, 

wherein no peer-to-peer connections exist below the computer readable program 
code session layer means; and 

computer readable program code trusted session sub-layer means for maintaining 
a virtual air gap, 

wherein no physical resources are time-division shared between any resource provider 
and any resource requester. 
64. A method for secure data transmission comprising:

mapping authentication of at least one request to session level authorization in a session 
layer, the authorization defining permitted communications between at least one resource and the 
at least one request. 
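The mechanism these claims describe, in particular claims 1, 2, 9, 13, 14, 15, 17 and 18 (a session layer that maps request authentication to session-level authorization, a rulebase consulted per credential set and network interface, masked resource identities, transport connections bundled under the credential set, dynamic updates and an audit trail, with a reverse proxy as the only path between requester and resource), can be illustrated with a small broker. The Python below is an added example written for this page; it is not code from the patent or from any implementation of it. The shared-secret HMAC challenge, the `CREDENTIALS`, `RULEBASE` and `RESOURCES` tables, the alias derivation and the in-process stand-in for transport connections are all constructed assumptions chosen to make the claimed behaviour observable offline.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed for this example: shared secrets standing in for real authentication.
CREDENTIALS = {"alice": b"alice-shared-secret", "bob": b"bob-shared-secret"}
# Constructed rulebase: (credential set, network interface) -> {resource: ops}.
RULEBASE = {
    ("alice", "vpn0"): {"payroll-db": {"read"}, "hr-files": {"read", "write"}},
    ("alice", "eth0"): {"hr-files": {"read"}},
}
# Constructed back-end locations; requesters only ever see opaque aliases.
RESOURCES = {"payroll-db": "10.0.1.5:5432", "hr-files": "10.0.1.9:445"}


@dataclass
class Session:
    credential_set: str
    interface: str
    authorization: dict                          # alias -> (real resource, ops)
    bundle: dict = field(default_factory=dict)   # alias -> simulated transport conn


class SessionLayer:
    """Maps request authentication to session-level authorization and is the
    reverse proxy through which every requester/resource exchange passes."""

    def __init__(self):
        self.rulebase = {k: dict(v) for k, v in RULEBASE.items()}
        self.sessions, self.audit, self.nonces = {}, [], set()

    def _log(self, event, user, **extra):
        self.audit.append({"event": event, "user": user, **extra})

    def challenge(self):
        nonce = secrets.token_hex(16)      # single use, so a proof cannot be replayed
        self.nonces.add(nonce)
        return nonce

    def authenticate(self, user, nonce, proof):
        key = CREDENTIALS.get(user)
        if key is None or nonce not in self.nonces:
            return False
        self.nonces.discard(nonce)
        return hmac.compare_digest(hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest(), proof)

    def _authorize(self, user, interface):
        # Masked identities: the requester learns only an opaque alias per resource.
        return {hashlib.sha256(f"{user}:{interface}:{real}".encode()).hexdigest()[:12]: (real, set(ops))
                for real, ops in self.rulebase.get((user, interface), {}).items()}

    def open_session(self, user, interface, nonce, proof):
        if not self.authenticate(user, nonce, proof):
            self._log("auth-fail", user)
            return None
        sid = secrets.token_hex(8)
        self.sessions[sid] = Session(user, interface, self._authorize(user, interface))
        self._log("session-open", user, sid=sid)
        return sid

    def relay(self, sid, alias, op, payload):
        """Only path to a resource: check the session's authorization, then forward."""
        s = self.sessions.get(sid)
        entry = s.authorization.get(alias) if s else None
        if entry is None or op not in entry[1]:
            if s:
                self._log("deny", s.credential_set, sid=sid, alias=alias, op=op)
            return None
        real = entry[0]
        # Transport connections open on demand and are bundled under the session
        # (tied to the credential set); the requester never connects to RESOURCES.
        s.bundle.setdefault(alias, RESOURCES[real])
        self._log("allow", s.credential_set, sid=sid, alias=alias, op=op)
        return f"{op}@{real}:{len(payload)}"     # stand-in for the resource's reply

    def update_rules(self, user, interface, rules):
        """Dynamic update: re-derive live sessions' authorization, drop dead bundles."""
        self.rulebase[(user, interface)] = dict(rules)
        for s in self.sessions.values():
            if (s.credential_set, s.interface) == (user, interface):
                s.authorization = self._authorize(user, interface)
                for alias in list(s.bundle):
                    if alias not in s.authorization:
                        del s.bundle[alias]


def demo():
    """Failed auth, allowed and denied relays, a live rulebase change, audit trail."""
    layer = SessionLayer()
    r = {"bad_proof": layer.open_session("alice", "vpn0", layer.challenge(), "bad")}
    nonce = layer.challenge()
    proof = hmac.new(CREDENTIALS["alice"], nonce.encode(), hashlib.sha256).hexdigest()
    sid = layer.open_session("alice", "vpn0", nonce, proof)
    alias_for = {real: a for a, (real, _) in layer.sessions[sid].authorization.items()}
    r["payroll_read"] = layer.relay(sid, alias_for["payroll-db"], "read", b"SELECT 1")
    r["payroll_write"] = layer.relay(sid, alias_for["payroll-db"], "write", b"DROP")
    layer.update_rules("alice", "vpn0", {"hr-files": {"read"}})   # payroll access withdrawn
    r["payroll_after"] = layer.relay(sid, alias_for["payroll-db"], "read", b"SELECT 1")
    r["hr_read_after"] = layer.relay(sid, alias_for["hr-files"], "read", b"ls")
    r["bundle_targets"] = sorted(layer.sessions[sid].bundle.values())
    r["audit_events"] = [e["event"] for e in layer.audit]
    return r
```

Two design points worth noting. Authorization is derived once per session from the credential set and the arriving interface and then consulted on every relay, so a rulebase change takes effect on an open session without re-authentication and also tears down bundled connections the session may no longer use. The requester addresses resources only by alias and receives only the proxy's reply, so nothing below the session layer ever learns a back-end address; in a real deployment the `RESOURCES` table and the simulated connections would be replaced by the proxy's actual outbound transport.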